The field of network security has become increasingly important in today's society. The Internet has enabled interconnection of different computer networks all over the world. In particular, the Internet provides a medium for exchanging electronic communications between various systems in the same or different computer networks. While the use of the Internet and other networking infrastructures has transformed business and personal communications, it has also become a vehicle for malicious operators to gain unauthorized access to systems and networks and for intentional or inadvertent disclosure of sensitive information.
Malicious software (“malware”) that infects a system may be able to perform any number of malicious actions, such as sending out spam or malicious emails from the host system, stealing sensitive information from a business or individual associated with the host system, propagating to other host systems, and/or assisting with distributed denial-of-service attacks, sabotage, or espionage (or other forms of cyber-warfare). Many different approaches for detecting malware on potentially affected systems are available. Scanners are often used on endpoint devices to detect code signatures, system modifications, or behavioral patterns. Other approaches involve scanning an infrastructure component to detect malware in network communications. Nevertheless, some malware still eludes detection, for example, by attacking or modifying the malware detection system itself or because the malware detection system has insufficient contextual knowledge of the potentially affected system. Hence, significant administrative challenges remain for protecting computers and computer networks from malware.